Findings: Vendor Risk Assessment Made Easy

Jonatan Perry, CTO and Kobi Freedman, CEO
When the SolarWinds data breach incident unfolded last December, the entire business realm felt the shockwave. It all started when the software vendor made an update available to customers, aiming to enhance the performance of its popular network management system, Orion. The cyber-spies are believed to have surreptitiously tampered with this update and entered the servers of SolarWinds' huge customer base—ranging from America's Fortune 500 companies to the Office of the President of the U.S. The incident was so grave that the Cybersecurity and Infrastructure Security Agency and the FBI were immediately made accountable for the investigation.

But almost a year after the SolarWinds mishap, why is it still at the center of our discussion? The answer is simple: the business world is struggling with supply-chain risks and cybersecurity attacks on vendors. In fact, this has become one of the cardinal attack vectors. What leads to such a quandary is companies' negligence or reluctance in assessing and defining risk reduction plans for individual vendors, owing to the cost and time associated with the process. According to reports, almost 75 percent of cloud vendors lack sufficient security measures, and 90 percent of SME vendors have not established security awareness, policies, and procedures at all. Also, the vendor risk assessment and management process is inefficient, spreadsheet-driven, and labor-intensive. This burdens IT teams with the daunting and cumbersome task of continually evaluating both new and existing vendors, understanding their security maturity, and tracking their improvement.

“Vendor risk assessment and management is still a manual process. As a result, there is room for human-induced errors and negligence, which might put organizational data and operational processes at the risk of disruption and open the windows for the violation of regulatory requirements,” says Kobi Freedman, CEO and Co-Founder, Findings. “Findings streamlines this manually-driven, labor-intensive process for clients and enables them to save time and cost, while avoiding regulatory radars.”

Since its inception, Findings has been driven by the mission and vision to help businesses eliminate security or privacy regulation concerns for their supply chain operations. To make this a reality, the company has architected its proprietary platform that helps both enterprises and vendors. To elucidate, by using this platform, enterprises, on the one hand, can automate vendor security programs, continuously monitor long-tail exposure, manage on-boarding, event-driven and continuous risk, among others. On the other hand, the platform equips vendors with the capability to showcase their security posture to customers, automate assessment & RFP response, and meet customer requirements. The company allows clients to customize everything in line with their own business requirements.


Our solution offers a platform to assess, verify and contextualize risk. We are continuously working to enhance the efficacy of the platform and make it data rich to solve complex business problems


This is important as the cyber-threat landscape and regulatory frameworks differ from one industry to another, and every business has its own metrics for vendor risk programs. Leveraging the power of AI and NLP, Findings creates a machine-to-machine risk monitoring ecosystem and reduces the amount of friction when organizations are trying to connect with each other. This lets businesses keep their own terminology for risk assessment and gives them the ability to connect and answer all the questions while minimizing the assessment cost.

Findings’ platform also automates the control verification process for clients. Traditionally, members of IT teams or hired consultants had to personally visit the vendor site to inspect the control status. By contrast, Findings is integrating into cloud infrastructure, endpoint infrastructure, and intelligence tools in order to have a process that is transforming the industry from subjective compliance to objective compliance.

“You don’t need to just answer questions anymore. We are getting the verified answers from various sources by ourselves. So both buyers and vendors can connect faster and have more reliability and transparency in their relation over time,” Freedman elucidates.

To put things into perspective, a global semiconductor company that works with almost 40,000 vendors was struggling to assess the security posture of dozens of them annually. The inability to scale exposed them to security, compliance and data risks across multiple regulatory frameworks. To this end, they implemented the Findings platform. As such, the semiconductor company today can easily manage a huge number of vendors at a fraction of the cost.

Such instances of client success always drive Findings to explore new avenues of growth. Currently, the company has partnered with many service providers across the world including Trustwave—one of the largest managed security services providers. “Our solution offers a platform to assess, contextualize and manage risk. We are continuously working to enhance the efficacy of the platform and make it data rich to solve complex business problems,” Freedman concludes.

Company
Findings

Headquarters
New York, NY

Management
Jonatan Perry, CTO and Kobi Freedman, CEO
